sslstrip & gmail

Hi,

I am currently trying to figure out how Man-In-The-Middle Attacks with arpspoof and sslstrip work (at least on a superficial level). However, while my setup seems alright and I can sniff passwords of most ssl-sites (facebook, Hotmail, even my online banking site) just fine, gmail somehow keeps the https.

I am running BT5R1x32 on a virtual machine (bridged network adapter).
I set up everything like this:

sslstrip is (or seems) properly installed; port forwarding works (according to cat /proc …).
As I said, sslstrip.log shows passwords from sites like facebook.com and on the target no ssl-certificate is displayed. But no matter what I type (mail.google.com, www.gmail.com …), gmail always goes into https. Does that mean that gmail is somehow immune to this kind of sniffing or that I am doing something wrong? I was unable to find any information on this on the web, including this forum. I assume that the next step would be to use wireshark and analyse the connections. However, I do not know how to efficiently analyze the data captured there.

Re: sslstrip & gmail

In my very own personal experience, it very much depends on the web browser...In Firefox you might have some problems, as well as in IE 9, and Google Chrome...
You are doing the right process..Keep in mind that arpspoofing is carried out in layer 3 (network), ssl takes place in session layer (Upper layers)...So the arpspoof is done first, when it gets to layer 5 (session), arpspoof has been done..It is supposed to work, but ssl (as part of http) works differently...

So if you want to read more about ssl and how it works, you will see that it has to do with web browsers and some server-client interchange issues...I believe that might be the thing to pay attention to...

If you find something interesting about ssl and http, post it so the community can learn about it...

Re: sslstrip & gmail

Firefox and Chrome both disallow non-https access to gmail and related sites. I'm not sure why the layer makes a difference, as right now, his only concern is the certificate and whether or not it exists...

World Domination is such an ugly phrase. I prefer the term World Optimization.
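
Editor's added example, not written by any poster in this thread: the standard mechanism by which a browser refuses plain-HTTP access to a site is HTTP Strict Transport Security (RFC 6797), either learned from a response header or shipped in the browser's built-in preload list. The sketch below lets a site owner grade the `Strict-Transport-Security` value their own server sends; the function names, level labels and sample values are assumptions made for this example.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict of directives, or None when a browser would ignore it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in directives:           # a repeated directive voids the header
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age): # max-age is required and numeric
        return None
    directives["max-age"] = int(age)
    return directives

def assess(value):
    """Return (level, reason); value is None when no header was sent."""
    d = parse_hsts(value) if value is not None else None
    if d is None:
        return ("unprotected", "header absent or invalid; plain HTTP is accepted")
    if d["max-age"] == 0:
        return ("unprotected", "max-age=0 makes the browser drop the policy")
    subs = "includesubdomains" in d
    if subs and "preload" in d and d["max-age"] >= PRELOAD_MIN_AGE:
        return ("preload-eligible", "header meets the preload-list requirements")
    if subs:
        return ("subdomains", "enforced after first HTTPS visit, subdomains included")
    return ("host-only", "enforced after first HTTPS visit, this host name only")

# Constructed sample header values, not captured from any real site.
SAMPLES = [None, "max-age=300", "max-age=31536000; includeSubDomains",
           "max-age=63072000; includeSubDomains; preload", "includeSubDomains"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", assess(s))
```

Only a preloaded entry protects a browser's very first request to a host; a header-only policy takes effect after one successful HTTPS response has been seen.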